Red Hat Product Errata RHSA-2007:0510 - Security Advisory

Issued:: 2007-06-25
Updated:: 2007-06-25

RHSA-2007:0510 - Security Advisory

Overview
Updated Packages

Synopsis

Important: evolution-data-server security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated evolution-data-server package that fixes a security bug are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The evolution-data-server package provides a unified backend for programs
that work with contacts, tasks, and calendar information.

A flaw was found in the way evolution-data-server processes certain IMAP
server messages. If a user can be tricked into connecting to a malicious
IMAP server it may be possible to execute arbitrary code as the user
running the evolution-data-server process. (CVE-2007-3257)

All users of evolution-data-server should upgrade to these updated
packages, which contain a backported patch which resolves this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 244277 - CVE-2007-3257 evolution malicious server arbitrary code execution

CVEs

CVE-2007-3257

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
evolution-data-server-1.8.0-15.0.4.el5.src.rpm	SHA-256: a4c24c6afd04bcf79fc47887ee3a165af285b02355a9a30fe4975d8cefc775d4
x86_64
evolution-data-server-1.8.0-15.0.4.el5.i386.rpm	SHA-256: 453bc4bc99c4169dad3fb77a7f2dd36642ee241c35ab7706a14a3bfb2a4ef9c3
evolution-data-server-1.8.0-15.0.4.el5.x86_64.rpm	SHA-256: b3a85eab368200a6fd8f4ac16e6798f522df0f0b13a8e3dee5a3d0313948cbd1
evolution-data-server-devel-1.8.0-15.0.4.el5.i386.rpm	SHA-256: c63b1ce8bf697f28b9ab3c9beca0dbdd8ab8acbdbaa82657ecfc8bcd97cfc07d
evolution-data-server-devel-1.8.0-15.0.4.el5.x86_64.rpm	SHA-256: 2bbcd8b564faa7f1e72f51784736d6fc1842c6bc502710630986d038863c453e
ia64
evolution-data-server-1.8.0-15.0.4.el5.ia64.rpm	SHA-256: 048212844dd9798661ed0869c9fd13fd1d3d1bc2426a9740cd380efb71ef3c94
evolution-data-server-devel-1.8.0-15.0.4.el5.ia64.rpm	SHA-256: a84efeef5327df9ab5a098a506829e6c8142781266e4e96685f97d72c8e8c81d
i386
evolution-data-server-1.8.0-15.0.4.el5.i386.rpm	SHA-256: 453bc4bc99c4169dad3fb77a7f2dd36642ee241c35ab7706a14a3bfb2a4ef9c3
evolution-data-server-devel-1.8.0-15.0.4.el5.i386.rpm	SHA-256: c63b1ce8bf697f28b9ab3c9beca0dbdd8ab8acbdbaa82657ecfc8bcd97cfc07d

Red Hat Enterprise Linux Workstation 5

SRPM
evolution-data-server-1.8.0-15.0.4.el5.src.rpm	SHA-256: a4c24c6afd04bcf79fc47887ee3a165af285b02355a9a30fe4975d8cefc775d4
x86_64
evolution-data-server-1.8.0-15.0.4.el5.i386.rpm	SHA-256: 453bc4bc99c4169dad3fb77a7f2dd36642ee241c35ab7706a14a3bfb2a4ef9c3
evolution-data-server-1.8.0-15.0.4.el5.x86_64.rpm	SHA-256: b3a85eab368200a6fd8f4ac16e6798f522df0f0b13a8e3dee5a3d0313948cbd1
evolution-data-server-devel-1.8.0-15.0.4.el5.i386.rpm	SHA-256: c63b1ce8bf697f28b9ab3c9beca0dbdd8ab8acbdbaa82657ecfc8bcd97cfc07d
evolution-data-server-devel-1.8.0-15.0.4.el5.x86_64.rpm	SHA-256: 2bbcd8b564faa7f1e72f51784736d6fc1842c6bc502710630986d038863c453e
i386
evolution-data-server-1.8.0-15.0.4.el5.i386.rpm	SHA-256: 453bc4bc99c4169dad3fb77a7f2dd36642ee241c35ab7706a14a3bfb2a4ef9c3
evolution-data-server-devel-1.8.0-15.0.4.el5.i386.rpm	SHA-256: c63b1ce8bf697f28b9ab3c9beca0dbdd8ab8acbdbaa82657ecfc8bcd97cfc07d

Red Hat Enterprise Linux Desktop 5

SRPM
evolution-data-server-1.8.0-15.0.4.el5.src.rpm	SHA-256: a4c24c6afd04bcf79fc47887ee3a165af285b02355a9a30fe4975d8cefc775d4
x86_64
evolution-data-server-1.8.0-15.0.4.el5.i386.rpm	SHA-256: 453bc4bc99c4169dad3fb77a7f2dd36642ee241c35ab7706a14a3bfb2a4ef9c3
evolution-data-server-1.8.0-15.0.4.el5.x86_64.rpm	SHA-256: b3a85eab368200a6fd8f4ac16e6798f522df0f0b13a8e3dee5a3d0313948cbd1
i386
evolution-data-server-1.8.0-15.0.4.el5.i386.rpm	SHA-256: 453bc4bc99c4169dad3fb77a7f2dd36642ee241c35ab7706a14a3bfb2a4ef9c3

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
evolution-data-server-1.8.0-15.0.4.el5.src.rpm	SHA-256: a4c24c6afd04bcf79fc47887ee3a165af285b02355a9a30fe4975d8cefc775d4
s390x
evolution-data-server-1.8.0-15.0.4.el5.s390.rpm	SHA-256: 8d3697dfe06855a72ab5d17b0410b113ddebf5b46f4bd080bc42992967c6993b
evolution-data-server-1.8.0-15.0.4.el5.s390x.rpm	SHA-256: 84dae1f5a33a99ff966f5a026c588bdc760b7dac8a83ef5db5a374acfe7d849c
evolution-data-server-devel-1.8.0-15.0.4.el5.s390.rpm	SHA-256: 4a54199b9b460c8d1d165ef6c130ff3c72600665dade7d2fdc23eff9cce14966
evolution-data-server-devel-1.8.0-15.0.4.el5.s390x.rpm	SHA-256: 842ee23c98568150f4fe95a1a37683a65da8a7088fa028071360ae54151c55ff

Red Hat Enterprise Linux for Power, big endian 5

SRPM
evolution-data-server-1.8.0-15.0.4.el5.src.rpm	SHA-256: a4c24c6afd04bcf79fc47887ee3a165af285b02355a9a30fe4975d8cefc775d4
ppc
evolution-data-server-1.8.0-15.0.4.el5.ppc.rpm	SHA-256: fda85253b3cda7fa6f421d7ce2a323855bf49928dfc952f5528a18128e6e6240
evolution-data-server-1.8.0-15.0.4.el5.ppc64.rpm	SHA-256: e4ba239b122b914fb4d5be4cf588e34309f11508503dd974f51bd433cd0e336d
evolution-data-server-devel-1.8.0-15.0.4.el5.ppc.rpm	SHA-256: 16764ad79a9a16e110332b88f7b9872463b08f7988552ecf9076e27b497c9c60
evolution-data-server-devel-1.8.0-15.0.4.el5.ppc64.rpm	SHA-256: a7f280f3d167eb95cf0092fd5971de7e95c1b6f365ace78c88bd41f906e2a8df

Red Hat Enterprise Linux Server from RHUI 5

SRPM
evolution-data-server-1.8.0-15.0.4.el5.src.rpm	SHA-256: a4c24c6afd04bcf79fc47887ee3a165af285b02355a9a30fe4975d8cefc775d4
x86_64
evolution-data-server-1.8.0-15.0.4.el5.i386.rpm	SHA-256: 453bc4bc99c4169dad3fb77a7f2dd36642ee241c35ab7706a14a3bfb2a4ef9c3
evolution-data-server-1.8.0-15.0.4.el5.x86_64.rpm	SHA-256: b3a85eab368200a6fd8f4ac16e6798f522df0f0b13a8e3dee5a3d0313948cbd1
evolution-data-server-devel-1.8.0-15.0.4.el5.i386.rpm	SHA-256: c63b1ce8bf697f28b9ab3c9beca0dbdd8ab8acbdbaa82657ecfc8bcd97cfc07d
evolution-data-server-devel-1.8.0-15.0.4.el5.x86_64.rpm	SHA-256: 2bbcd8b564faa7f1e72f51784736d6fc1842c6bc502710630986d038863c453e
i386
evolution-data-server-1.8.0-15.0.4.el5.i386.rpm	SHA-256: 453bc4bc99c4169dad3fb77a7f2dd36642ee241c35ab7706a14a3bfb2a4ef9c3
evolution-data-server-devel-1.8.0-15.0.4.el5.i386.rpm	SHA-256: c63b1ce8bf697f28b9ab3c9beca0dbdd8ab8acbdbaa82657ecfc8bcd97cfc07d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories